Encryption and E-mail with Thunderbird

Now it is time to take a look at practical uses of encryption, and the number one use is for e-mail. Encrypted communication via e-mail is very desirable if you want to keep a secret. In the U.S. the current legal precedents say that any e-mail left on a server is not protected since you would have no expectation of privacy. This precedent was set many years ago when POP3 was the standard for all e-mail and people did not usually leave e-mail on a server. These days, many people use web-based e-mail or use a newer standard called IMAP which by default stores everything on the server. Perhaps you are one of these people, and thought that you had a right to expect privacy, but in the U.S. you don’t, and I would expect that in many other countries the situation is no better.

There have been attempts to provide encrypted e-mail service from a service provider, but the problem here is that the provider usually has to have the key in order to encrypt the e-mail, and if they have the key they can be compelled to give it up. Recently in the U.S. there was a case involving Ladar Levison who ran such a service called Lavabit. Lavabit encrypted mail in transit using TLS encryption, and he had the keys. When his service was used by Edward Snowden, the government came to get the keys. Now, Levison would have given them the key for Snowden’s e-mail if he had been served a warrant, as he always made clear to his customers that he would obey proper legal demands. But in this case the government demanded that he turn over all of the keys for all his customers, and this was too far for Levison. He shut down his service rather than cooperate, and is a bit of a hero for that. But it illustrates that you are at the mercy of the service provider. If the government made this demand to Lavabit, you are safe in presuming they had made the same demand to other providers, and that they all cooperated with the government and said nothing to their customers. So it would be a mistake to rely on third-party mail service providers to give you privacy. You need to control it yourself. But of course, after the last few lessons you know how to do that, and have your secure keys created. You just need to put them to use.

Uses of Encryption in E-mail

Generally there are two uses of encryption in e-mail: signing the message and encrypting the message. Signing does not encrypt the message, but what it does is provide authenticity. When you sign an e-mail with your key (also referred to as a digital signature) you are making a hash of the actual message, then encrypting that hash with your private key in such a way that it can be validated as coming from you. This accomplishes two desirable things. First, it guarantees the integrity of the contents of the message itself, since the contents had a hash created which can be checked against the message as it is received. This is much like the use of MD5 hashes to verify the integrity of downloaded software. With software downloads a hash is made of the binary file, and you then run a similar hashing program on the downloaded file and see if the two hashes match. If they do match, you know your copy is a bit-perfect copy of the original and no mistakes occurred in the downloading. But if even one bit is changed the hash you get will be completely different. BTW, I am not getting into the question of what a hash is other than to say it is an example of one of those “one-way” functions that can easily produce the hash but cannot easily go from the hash back to the original. In your e-mail, then, the hash that goes into your digital signature is unique, and if anyone tampers with the message en route and changes even one single character of the message it would result in a totally different hash which could be detected by the recipient.

The other useful function of a digital signature is non-repudiation, which means that you cannot later deny having sent the message. It was encrypted with your key, and only you would have had access to that key. This is particularly useful for the related but different use of electronic signature. An electronic signature may or may not be encrypted, but is used in place of an actual physical signature on documents. With more and more commerce and other activity taking place online, legal systems are developing standards for using electronic signatures as valid legal proof, and obviously the non-repudiation provided by an encrypted digital signature is very useful.

The thing to keep in mind is that a digital signature does not encrypt in any way the actual message being sent. That message is “in the clear” as cryptographers would say, meaning that anyone who gets the message can read it. That may be good enough for your purposes if all you want to do is guarantee that the message came from you and has not been altered. But if you want to actually keep the contents secret you need to go one step further and actually encrypt the message itself. That way, if anyone intercepts the message all they will see is a blob of random noise that they cannot decrypt. The important point to remember when sending encrypted e-mail is that you are not using your own keys to do this. Sending encrypted e-mail begins by using the public key of the recipient, so it is inherently a one-to-one procedure not suitable for mailing lists (though you could put a digital signature on a message to a list without any problem). So to send an encrypted e-mail to someone you must first obtain their public key. If you recall from our lessons on creating key pairs, one of the last steps was to post the key to a public key server, so that is one way to do it. There can still be ambiguity about people who share names and there is a serious problem of ensuring the identity of the owner of any given key, which we will return to in another lesson. For now, let’s assume that you have the public key for your correspondent.

Thunderbird

Many of us have an e-mail account somewhere that may be either POP3 or IMAP based, and use software like Thunderbird to access it. This is a very popular program available cross-platform (Linux, Windows, Mac OS X), and in many languages. It is part of the Mozilla project, which also produces Firefox, and is free and open source. Thunderbird follows Firefox in using plug-ins and extensions to add to its capabilities, and one of these, called Enigmail, provides encryption services. To install it, you just do what you would do for any other plug-in. Go to Tools–>Add-ons–>Get Add-ons, and then in the search bar type “Enigmail”. Select it and install it, and you are ready to go. Also, note that Enigmail is available for SeaMonkey and Postbox as well as for Thunderbird.

Enigmail uses GnuPG as its core technology, and when you install it you don’t really need to do much more if you already created your keys previously using GnuPG. Enigmail will look in the usual place for your GnuPG key, and use what it finds. But you can go to the Preferences for Enigmail and give it a location manually if necessary. Then you need to associate it with an account. If you only have one e-mail account that is pretty easy, but some people may check two or more e-mail accounts from one installation of Thunderbird. If you recall from our description of creating the key, your e-mail address was part of the key creation, so they are tied together. You can add more e-mail addresses to this key, but a better procedure is to have a key pair for each address. The reason is that anyone who decrypts a message from you automatically knows your e-mail address from the decryption, and if you had multiple addresses configured on one key all of them would be revealed to any recipient. Since we assume you are doing encryption to get privacy and security you can see why a separate key pair for each address is preferred.

Configuring Enigmail

To use Enigmail in Thunderbird once it is installed, you should take a look at the menu called OpenPGP that Enigmail creates in Thunderbird. Toward the bottom of this menu is an option called Setup Wizard that will step you through the initial configuration of Enigmail.

Opening screen of Enigmail Setup Wizard

As you proceed through the Wizard you need to answer some questions. The first question is whether you want to sign all outgoing e-mail, or would you rather do it on a case-by-case basis. You might think signing each e-mail is a good thing to do, but there are costs involved. To sign an e-mail you have to provide your GPG passphrase, and if you actually did as we suggested and made it long and secure, it will be a big pain in the butt to do this for every single e-mail you send. If you don’t mind that, go ahead and sign everything, but I have chosen to be more selective.

The next screen is for the setting on encrypting all e-mails. This is even less “user-friendly” than digital signing, because encrypting outbound e-mail requires that you have the public encryption key for the recipient. So by definition you cannot encrypt a message that goes to an e-mail list with multiple recipients since each one of them would have a different public key. This is why the Wizard tells you “Unless most of your communication partners have public keys, you should not enable encryption by default.”

Then the Wizard asks for permission to change some technical settings in Thunderbird to make encryption work better. You can click the “Details” button to see what they are asking to do, but I will say that for most people this is not a problem. The biggest change might be disabling the ability to compose HTML messages, but this makes sense because encryption is only possible with text, and HTML would just create a mess.

Next the Wizard asks you to select a key pair to use with e-mail. The key pair you created earlier in GPG should appear here unless for some reason you moved it to a non-standard location. But assuming you see it here, click on it once to highlight it, then click the Next button. This will take you to a screen that gives a summary of the settings you have made, and tells you that clicking the Next button one more time will put these settings into effect. So click the Next button, and you will see the message OpenPGP is now ready for use. Click Finish to close the Wizard.

Using Enigmail to Sign a Message

This could not be easier. Just click the Write button to open up a new message, then go to the OpenPGP menu:

Signing a message in Thunderbird

Put a checkmark in the first box, Sign Message, then type your e-mail message as usual. When you are done, click the Send button, and a window will pop up asking you for your GPG Passphrase. Enter it, and your message will be sent with the digital signature. It will look something like this test message I created:

Test message in Thunderbird with a digital signature

The digital signature applies from the line at the top that says “Begin PGP Signed Message”, and goes to the bottom line that says “End PGP Signature”. You can see that the hash algorithm used was SHA1. This stands for Secure Hash Algorithm 1, and was an early standard for hashing. These days it is not considered particularly secure, but this is only for a digital signature so it is fine for this use. The hash is the funny looking stuff inside the PGP Signature.

When your recipient receives the message, what happens depends on whether they also have some kind of PGP or GPG configured in their e-mail client. If they do not, they will see the message just as it appears in the above sample. But if their mail client has the capability, they will see a message that this is a good signature. Unless of course something went wrong along the way, and then they will see a message that says it has a bad signature.
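The layout of a signed message described above, and the tamper-evidence property from the earlier discussion of hashes, can be seen in a short parser. This is an added example, not part of the original lesson or of Enigmail or GnuPG; the sample message and its placeholder signature are constructed, and the function names are hypothetical. It only inspects structure: checking that a signature is actually good still requires GnuPG and the sender's public key.

```python
import hashlib

# Constructed sample in the cleartext signature layout (RFC 4880, section 7).
# The signature body is a placeholder, not a real signature.
SAMPLE = """\
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Meet at 10:00 on Tuesday.
- - bring the signed contract
-----BEGIN PGP SIGNATURE-----

cGxhY2Vob2xkZXI=
-----END PGP SIGNATURE-----
"""

def parse_clearsigned(text):
    """Return (hash names, canonical signed text, armored signature body)."""
    lines = text.replace("\r\n", "\n").split("\n")
    start = lines.index("-----BEGIN PGP SIGNED MESSAGE-----")
    blank = lines.index("", start)  # an empty line ends the armor headers
    sig = lines.index("-----BEGIN PGP SIGNATURE-----", blank)
    end = lines.index("-----END PGP SIGNATURE-----", sig)
    hashes = []
    for header in lines[start + 1:blank]:
        key, _, value = header.partition(":")
        if key.strip() == "Hash":
            hashes += [h.strip().upper() for h in value.split(",")]
    body = []
    for line in lines[blank + 1:sig]:
        if line.startswith("- "):
            line = line[2:]  # undo dash-escaping of lines that begin with "-"
        body.append(line.rstrip(" \t"))  # trailing whitespace is not signed
    # Lines are joined with CRLF; the line break before the signature is excluded.
    return hashes, "\r\n".join(body), "\n".join(lines[sig + 1:end]).strip()

def text_digest(signed_text, hash_name):
    """Digest of the signed text alone, using the declared hash algorithm.

    The value OpenPGP actually signs also covers signature metadata, so this
    shows the tamper-evidence property rather than reproducing gpg's hash.
    """
    return hashlib.new(hash_name.lower(), signed_text.encode("utf-8")).hexdigest()

def demo():
    """Digest of the sample as sent, and after one character is altered."""
    hashes, original, _ = parse_clearsigned(SAMPLE)
    _, tampered, _ = parse_clearsigned(SAMPLE.replace("10:00", "10:30"))
    return hashes, text_digest(original, hashes[0]), text_digest(tampered, hashes[0])
```

Calling `demo()` returns the declared hash list and two digests that differ even though only one character of the message was changed.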

Sending Encrypted E-mail with Thunderbird

This is much the same process as using digital signatures. You open your Write window and compose a message, but now when you click Send, a window will appear in which you need to select the key for the recipient. You won’t be asked for your GPG Passphrase because you are not using your key. You are using the key of the recipient. Your e-mail will be encrypted and sent on its way. In this case your message will look like this:

A message encrypted in Thunderbird

Here there is no clear text message to view, which is the difference between signing a message and encrypting a message. Presumably your recipient will use their private key when they receive this message to decrypt it.